Download - Citrix Access Suite Reviewer’s Guide - PPN · 8 Citrix Access Suite Reviewer’s Guide • Common Management Platform — is a unified framework containing client and server configuration,

Citrix® Access Suite™ 4.0

Citrix Access Suite Reviewer’s Guide

Copyright and Trademark NoticeUse of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included on your product CD-ROM.

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.

© 2005 Citrix Systems, Inc. All rights reserved.

Citrix, ICA (Independent Computing Architecture), MetaFrame, MetaFrame XP, NFuse, and Program Neighborhood are registered trademarks, and SpeedScreen is a trademark of Citrix Systems, Inc. in the United States and other countries.

RSA Encryption © 1996-1997 RSA Security Inc., All Rights Reserved.

This product includes software developed by The Apache Software Foundation (http://www.apache.org/)

Trademark AcknowledgementsAdobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries.

Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc.

DB2, Tivoli, and NetView are registered trademarks, and PowerPC is a trademark of International Business Machines Corp. in the U.S. and other countries.

HP OpenView is a trademark of the Hewlett-Packard Company.

Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product.

Portions of this software are based in part on the work of the Independent JPEG Group.

Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rights reserved.

Macromedia and Flash are trademarks or registered trademarks of Macromedia, Inc. in the United States and/or other countries.

Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corp. in the U.S. and other countries.

Novell Directory Services, NDS, and NetWare are registered trademarks of Novell, Inc. in the United States and other countries. Novell Client is a trademark of Novell, Inc.

RealOne is a trademark of RealNetworks, Inc.

SpeechMike is a trademark of Koninklijke Philips Electronics N.V.

Unicenter is a registered trademark of Computer Associates International, Inc.

UNIX is a registered trademark of The Open Group.

Licensing: Globetrotter, Macrovision, and FLEXlm are trademarks and/or registered trademarks of Macrovision Corporation.

All other trademarks and registered trademarks are the property of their respective owners.

Document Code: June 15, 2005 (SOC)

Contents 3

Contents

Chapter 1 Introduction to the Citrix Access SuiteOverview of the Citrix Access Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Key Features and Benefits of the Citrix Access Suite. . . . . . . . . . . . . . . . . . . . . . . . 7Accessing Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Reviewer’s Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Access Suite Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chapter 2 Components of the Citrix Access SuiteProducts Included in the Citrix Access Suite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Overview of Citrix Presentation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Overview of Citrix Access Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Overview of Citrix Password Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Chapter 3 Deploying the Citrix Access SuiteCase Study: PT Kalbe Farma. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

The Challenge: Simplifying IT Management & Reducing Complexity . . . . . . 17Implementing a Citrix Solution for Application Deployment . . . . . . . . . . . . . . 18Driving Business Value with Access Infrastructure . . . . . . . . . . . . . . . . . . . . . 18Future Plans. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Case Study: Florida Statewide Guardian Ad Litem Office. . . . . . . . . . . . . . . . . . . 19Challenge: Connecting 4,670 Advocates in 54 Offices throughout the State . . 19Implementing a Citrix Solution for Remote Office Connectivity . . . . . . . . . . . 20From Start-up to Success in Record Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Helping Children in Need Through On-demand Access . . . . . . . . . . . . . . . . . . 21

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4 Metaframe Access Suite Reviewers Guide

CHAPTER 1

Introduction to the Citrix Access Suite

This guide is for anyone reviewing or evaluating the Citrix Access Suite. It provides information about the components, key features, and benefits of using the Citrix Access Suite.

This chapter provides an overview of the Citrix Access Suite and also describes the benefits to organizations of using the Citrix Access Suite as an integrated solution for their access needs.

Topics in this chapter include

• Overview of the Citrix Access Suite

• Key Features and Benefits of the Citrix Access Suite

• Accessing Documentation

You should read this guide in conjunction with the individual product reviewer’s guides described in the “Reviewer’s Documentation” on page 9.

Overview of the Citrix Access SuiteAccess to information resources has become a critical issue for organizations from two perspectives: on the one hand, ubiquitous access is essential for growth and competitive advantage; on the other, the struggle to deliver this access in a world of system and user complexity threatens to overwhelm IT departments.

The Access Suite is an access platform that provides secure, on-demand access to any corporate information resource, from anywhere, with any device, over any network. Comprised of Presentation Server, Access Gateway, and Password Manager, the Access Suite is secure by design, consolidates access into a central location for more efficient management and effective control, and provides a foundation that scales and adapts to support business change and growth.

6 Citrix Access Suite Reviewer’s Guide

Previously, users had to purchase these products separately and piece them together to build an architecture for enterprise access. In contrast, the Access Suite is a unified solution. Each component product solves a particular access challenge for an organization, while all work together as an integrated solution.

First, the Access Suite centralizes business-critical applications and other information shares with Presentation Server, transforming them into virtualized subscription-based services that can be delivered to any device or connection.

Next, these applications and information are protected by Password Manager with single sign-on and password policy controls that force users to create and manage strong passwords, while moving password management into the hands of the IT organization.

Finally, secure access to the network and virtualized services is ensured via Access Gateway, enabling dynamic and discriminatory access based on each connecting user’s access scenario — a combination of the device, location, and connection.

The Access Suite provides a secure integrated solution that ensures the best access experience with SmartAccess, SmoothRoaming, and Integrated Identity Management. See “Key Features and Benefits of the Citrix Access Suite” on page 7 for more details.

Citrix Presentation Server 4.0 The latest version of the world's most widely deployed presentation server provides unprecedented scalability by enabling higher user density through enhanced CPU utilization management and virtual memory optimization; breakthrough compatibility through isolated application environments, support for virtual IP addresses, and USB peripheral support of ActiveSync PDAs, scanners, and cameras; state-of-the-art printing through a 50% increase in speed by utilizing less bandwidth and memory, support for advanced printer functionality such as multiple paper trays and stapling, and proximity printing - the ability to print to the nearest printer when SmoothRoaming; and greater flexibility by unifying the Windows and UNIX versions of Presentation Server and packaging Conferencing Manager as an integrated feature.

Citrix Access Gateway 4.0 Delivering on the Citrix SmartAccess promise, the latest version of the Access Gateway delivers a plug-and-play, appliance-based SSL VPN gateway for increased security and ease-of-use. Superior to IPSec VPNs, it provides a single point of access through all firewalls, prevents worm traversal between networks, increases security by masking distributed URLs, accelerates deployment with an auto-updating client, and improves the user's SmoothRoaming experience with “always-on” connectivity and adaptive user access for any user interface. Superior to SSL VPNs, the Access Gateway works for all applications and protocols, gives users a familiar desktop look and feel without a browser-based portal, allows administrators to disable split-tunneling, and integrates URL rewriting, webification, port forwarding, network extension, and access for VoIP and telephony applications.

Chapter 1 Introduction to the Citrix Access Suite 7

Secure by design, the Access Gateway ensures endpoint security through continuous real-time checks for antivirus, personal firewalls, proper patches, network connection paths, device types, and so on.

Citrix Password Manager 4.0 The latest version of Citrix's enterprise single sign-on solution delivers simplified user access through “hot desktop” user switching, self-service password reset, and an entirely new, intuitive user interface available in five languages; improves security and regulatory compliance through digitally signed configuration settings, enhanced event logging, and LDAP directory credential storage; and enhances administrative control through new Suite-integrated licensing and a streamlined management console also available in five languages.

Key Features and Benefits of the Citrix Access SuiteThe Citrix Access Suite provides the following key features and benefits:

• Granular Access Control — provides a fine level of control over applications, files, web content, email attachments, printing, and caching; all based on user role, device, location, and connectivity policies. This is a key administrative function of SmartAccess. Granular Access Control allows you to define over-arching policies for all user access scenarios based-on privilege, device, location, and connection, assign information resources to users and user groups for application level access control, and implement strong password policies that force users to create strong passwords prior to gaining access to resources.

• Adaptive User Access — adjusts access dynamically by re-factoring the user interface, filtering applications and information, and enabling secure and reliable mobility. This is a key user function of SmoothRoaming and SmartAccess.Adaptive User Access ensures the most secure access, optimal performance, and optimal experience based on the risk of each user’s specific access scenario (permissions, device, connection, location).

• Universal Access Interface — presents IT services through a unified and consistent user experience of applications, data, and authentication. This is a key user function of SmoothRoaming and Integrated Identity Management.Universal Access Interface provides access through a browser-based interface. It provides a single point of access for all available IT resources and services delivered as an intranet or extranet solution, decreases the number of passwords that users must manage, and enables strong primary authentication to protect corporate data.


• Common Management Platform — is a unified framework containing client and server configuration, licensing, monitoring, and reporting tools for administrative simplicity, business visibility, and corporate security. Using the Common Management Platform administrators can observe, monitor, and measure access infrastructure resources holistically, for informed decision-making.

• Rapid Provisioning — enables IT services by simply managing user accounts and group membership. Administrators can add and remove user access easily and quickly. This is the key administrative function of Integrated Identity Management.Using Rapid Provisioning administrators can:

• Deactivate users and service availability with confidence using only the active directory.

• Deliver services to new users quickly by adding them to the directory, assigning them to groups, and sending them to a Web site.

• Deliver new services to users by designating applications and information resources for access by directory users and groups.

• Architectural Security — transforms existing IT infrastructure by augmenting its design with a centralized command and control architecture. This is the core benefit represented by the Secure by Design capability.Architectural Security is now built in as a part of the architectural design of the Citrix IT infrastructure. It secures information by moving applications and information into the data center, and integrates secure access and control technologies to maintain secure connectivity.

Accessing DocumentationThis Reviewer’s Guide is part of the Citrix Access Suite documentation set. The documentation set includes guides that correspond to each component product of the Citrix Access Suite. Documentation is provided in Adobe Portable Document Format (PDF).

Important information about known issues, and last-minute documentation updates and corrections are provided in the component product Readme files. Be sure to read the readme.txt file for each product before installation or during troubleshooting.

Chapter 1 Introduction to the Citrix Access Suite 9

Important To view, search, and print the PDF documentation, you need to have the Adobe Acrobat Reader 5.0.5 or later with Search. You can download Adobe Acrobat Reader for free from the Adobe Systems’ Web site at http://www.adobe.com/.

Reviewer’s DocumentationDocumentation available for anyone reviewing or evaluating the Citrix Access Suite includes:

• Citrix Access Suite Reviewer’s Guide (this guide)—introduces the Citrix Access Suite, describes the key features and benefits of its component products, and provides a number of case studies showing how the Citrix Access Suite can be used in a production environment.

• Citrix Presentation Server Reviewer’s Guide—contains complete instructions for installing and demonstrating the key features of Citrix Presentation Server in an evaluation environment.

• Citrix Password Manager Evaluator’s Guide—contains complete instructions for installing, configuring, and testing a small-scale deployment of Citrix Password Manager using sample and evaluation editions of applications.

• Citrix MetaFrame Secure Access Manager Reviewer’s Guide—contains complete instructions for installing, configuring, and testing a full, small-scale deployment of Citrix Access Gateway.

Note Citrix Access Gateway is the new name for the product formerly known as MetaFrame Secure Access Manager. However, in the other products and components that make up the Access Suite, for example in the management consoles and documentation, Access Gateway is still referred to as MetaFrame Secure Access Manager.

Access Suite Documentation The Access Suite documentation comprises the following suite level guides:

• MetaFrame Access Suite Deployment Guide — provides information about the components, key features, and benefits of using the Access Suite and also looks at common deployment scenarios.

• Citrix Access Suite Licensing Guide—assists Access Suite administrators with tasks related to deploying, maintaining, and using the licensing for their Access Suite products.

http://www.adobe.com/

CHAPTER 2

Components of the Citrix Access Suite

This chapter describes the component products of the Citrix Access Suite and their key features.

Topics in this chapter include

• Products Included in the Citrix Access Suite

• Overview of Citrix Presentation Server

• Overview of Citrix Access Gateway

• Overview of Citrix Password Manager

Products Included in the Citrix Access SuiteThe Citrix Access Suite consists of the following core component products:

• Citrix Presentation Server

• Citrix Access Gateway

• Citrix Password Manager

The key features and benefits of each product are discussed in the remaining sections of this chapter.

Overview of Citrix Presentation ServerThe foundation of the Access Suite, Presentation Server is the most widely used presentation server for centrally deploying and managing heterogeneous information resources and enabling thousands of users to access them on demand. Presentation Server provides unprecedented scalability, breakthrough application compatibility, and state-of-the-art printing services.


Presentation Server runs on Microsoft Windows Server 2003, Microsoft Windows 2000 Server, and a variety of UNIX operating systems. Presentation Server enables access to virtually any custom or commercially packaged Windows, Web, UNIX, or Java application from any device, over any connection, without requiring multiple desktops or software emulation packages. The conferencing feature enables sharing of published applications.

Presentation Server eliminates the weaknesses of Web-based applications by enabling them to be accessed securely from any browser, operating system, or device with consistent performance regardless of available bandwidth. There is no need for cache clean-up solutions and information within the data center is protected.

Whether your users rely on desktop PCs, Macintoshes, laptops, UNIX or Linux workstations, thin-client devices, Windows-based terminals, wireless devices, or other network appliances, you can use Presentation Server solutions to:

• Speed application deployment to thousands of users simultaneously

• Provide your mobile workforce with consistent access to mission-critical data and applications

• Quickly integrate remote offices with your corporate systems

• Enable fail-over systems for business continuity during an emergency or planned outage

Presentation Server provides an exceptional foundation on which to build highly scalable, flexible, secure, manageable access solutions that reduce computing costs and increase the utility of any information system, and results in:

• An on-demand organization — Presentation Server provides a robust and resilient foundation that helps organizations align business goals with IT capabilities by providing powerful management tools that enhance administrative efficiency and increase system control.

• Speedy application deployment and reduced IT costs — Presentation Server simplifies and speeds deployment of new applications, updates, and patch deployment – regardless of the diversity of the access devices, software languages, computing architectures, and networks that are involved. With Presentation Server, you continue to leverage existing infrastructure while modernizing your business.

• Increased user productivity through reliable remote and mobile access — Presentation Server enables users to be more productive wherever they are. Applications and information can be securely accessed in real-time, improving data accuracy and business processing. Users can roam between devices, locations, and networks, and continue working without interruption.

Chapter 2 Components of the Citrix Access Suite 13

• Increased security — To assist organizations in meeting internal standards and complying with government and industry regulations, Presentation Server provides a secure-by-design platform and enables end-to-end visibility. This gives IT the ability to design compliant systems, and gives IT administrators greater control over security, all while reducing compliance costs.

Overview of Citrix Access GatewayAccess Gateway is a universal SSL VPN appliance that provides a secure, always-on, single point-of-access over the Web to a wide range of internal and external information resources, including applications, data sources, documents, Web content, and services. With a set of easy-to-use, wizard-driven configuration tools, IT administrators can enable browser-based access to the entire enterprise—personalized to each user’s needs and with secure connectivity over the Web. Access Gateway provides access to all applications and protocols - including IP telephony - via a secure hardened appliance that works through any firewall.

Additionally, the Advanced Access Control option of the Citrix Access Gateway enables granular access control and an adaptive user access experience that changes with each access scenario. The Advanced Access Control option enables administrators to establish a fine degree of control over applications, files, Web content, email attachments, and printing. Access Gateway manages both what can be accessed and what actions are permitted, based on the user’s role, location, type of device, configuration of device, and connection. The policy engine, enforcement decisions, and hardened appliance are implemented inside the protected network, resulting in greater security than is provided by typical SSL VPNs.

Access Suite 4.0 customers will receive user connection licenses for the Citrix Access Gateway and the Advanced Access Control option. The SSL VPN appliance is sold separately and is necessary only for customers who wish to utilize Advanced Access Control or who need access to applications and services other than those delivered through Citrix Presentation Server such as email synchronization and IP telephony access.

Note Citrix Access Gateway is the new name for the product formerly known as MetaFrame Secure Access Manager. However, in the other products and components that make up the Access Suite, for example in the management consoles and documentation, Access Gateway is still referred to as MetaFrame Secure Access Manager.


Access Gateway combines the best features of IPSec and SSL VPNs and delivers the best access experience of any SSL VPN in the market. It provides:

• A single point of secure access to any application or IT resource, data, and voice — Access Gateway provides secure access to any application hosted on Citrix Presentation Server, as well as distributed Windows and UNIX applications, direct-access Web applications, network file shares, data and collaboration services. In fact, the Access Gateway is optimized to provide high performance for UDP-based-applications, such as IP telephony.

• Low purchase and maintenance costs — Access Gateway is fast, simple, and cost-effective to deploy and maintain via its Web-deployed, auto-updating client. Organizations can easily provide their remote and mobile users with desktop-like access from any location, without the cost and complexity of installing, configuring, updating, and supporting client software on each device.

• Always-on mobility and a seamless desktop experience for users — Access Gateway automatically and seamlessly reconnects users to their applications and documents when they change locations and devices, and gives users at any location the same access experience that they have at their desktop. For example, a user can be connected at a customer or partner location, close their laptop and disconnect from the network, return to the office, and then be automatically reconnected, all without a single keystroke.

• Strengthened data security — Access Gateway is implemented as a secure-by-design hardened appliance within an organization’s Demilitarized Zone (DMZ). Built-in end-point scanning provides continuous, real-time end-point scanning to ensure that a device is safe for remaining connected to the network.

Overview of Citrix Password ManagerCitrix Password Manager is an enterprise single sign-on solution that delivers simplified user access and advanced password security to Windows, Web, proprietary, and host-based applications, whether locally installed, Web-based, or running in the Citrix server environment.

Password Manager eliminates the security breaches that are common when users have more passwords than they can manage. It is easy to deploy and use, and requires no scripting, application-level integration, or significant changes to existing IT infrastructure. Users authenticate once with a single password, and Password Manager automatically logs onto password-protected information resources, enforces password policies, monitors password-related events, and automates end-user tasks including password changes.

It is the first enterprise single sign-on product to offer integrated self-service password reset, and provides a Hot Desktop feature that cuts logon and logoff times from minutes to seconds.

Chapter 2 Components of the Citrix Access Suite 15

All passwords are retained in an encrypted store within the data center. You can also configure Password Manager to automatically change application passwords at desired intervals without the user knowing, thereby ensuring a higher degree of protection.

Password Manager fundamentally changes the typical approach for managing multiple passwords, centralizing password management and moving this important capability into the hands of the IT organization, and results in:

• Simplified user access to IT resources — Users log on once with a single password and Password Manager authenticates the user to all other password-protected applications.

• Increased network security — Password Manager eliminates the need for employees to save multiple passwords by centralizing and automating password management.

• Decrease in Help desk calls —– With Password Manager, routine password-related events are automated and made invisible to the end user, eliminating many unnecessary help desk calls.

• Broader platform support — Password Manager supports Windows, Web, and host-based applications, whether the applications are running standalone or hosted on Citrix Presentation Server.

• Easy implementation — With powerful configuration tools, a task-based management console and no scripting required, Password Manager is easily configured for your existing environment.

CHAPTER 3

Deploying the Citrix Access Suite

The following customer case studies provide a detailed look at the access challenges these customers faced, the Citrix solution they implemented, and their measurements for success.

• In Asia Pacific, PT Kalbe Farma expanded its Citrix investment by stepping up to the Citrix Access Suite.

• In the Americas, Florida Statewide Guardian Ad Litem Office re-defined IT service delivery with the Citrix Access Suite.

Case Study: PT Kalbe FarmaFounded in 1966 with “the scientific pursuit of health for a better life” as its guiding principle, PT Kalbe Farma has emerged as one of Indonesia’s leading pharmaceutical companies. Kalbe Farma today produces over-the-counter and prescription medications, health food, and animal health products. The company currently employs more than 2,500 people across 62 branches.

The Challenge: Simplifying IT Management & Reducing ComplexityKalbe Farma initially deployed Citrix technology in 2000 to support the deployment of a finance application to its marketing office and to one of its manufacturing plants, and in 2001 the company used Citrix software to roll out enterprise resource planning (ERP) software for the pharmaceutical industry called Protean. The ERP software had very specific technological requirements that would have required Kalbe Farma to replace all its servers and PCs. By implementing Citrix Presentation Server, the company was able to retain its existing IT architecture and systems, and also provide its employees at the marketing office and various plants across Indonesia with remote access to corporate applications.

18 MetaFrame Access Suite Reviewers Guide

Since then, Kalbe Farma has grown rapidly, and the company faced the challenge of providing secure, easy, and consistent access to a wide variety of mission-critical applications for its 2,500 employees across 62 branches throughout Indonesia. Across such a vast network, application deployment was extremely tedious and time consuming. It was also a challenge providing employees with access to the legacy applications that were running on different operating systems including Microsoft Windows, Linux, and Sun.

Implementing a Citrix Solution for Application DeploymentTo cope with this challenge, Kalbe Farma expanded its Citrix access infrastructure deployment in 2004, taking it from a tactical solution to an access strategy. This enterprise access strategy was designed to simplify application management, provide any time, anywhere access to applications, and reduce the IT costs of supporting 30 on-line branch offices and a variety of client devices, such as PCs, terminals, laptops, and personal digital assistants.

Kalbe Farma adopted the Citrix Access Suite, including Citrix Presentation Server as well as Citrix Secure Access Manager (now called Citrix Access Gateway). With the new Citrix solution, employees access a range of Windows, client/server, DOS, legacy, and Web applications over a wide area network (WAN). The applications comprise a mix of legacy and third-party software such as Lotus Notes, Protean, Avantis, and Orlansoft.

At the core of this new access strategy is Citrix Access Gateway, which enables Kalbe Farma’s employees at any location to securely access corporate applications and internal information through an enterprise information portal.

This access is extended without the need for IT staff to re-write code or to make costly investments in user training, IT support, or computer hardware. Citrix Access Gateway also helps Kalbe Farma to ensure network security, because IT staff can control access based on policies, rules or user roles.

Driving Business Value with Access InfrastructurePT Kalbe Farma has derived numerous benefits from its implementation of Citrix access infrastructure solutions, including considerable cost savings. “Using Citrix Presentation Server to centrally deploy applications across a heterogeneous mix of systems, Kalbe Farma has extended the lifespan of its existing IT hardware from three years to five years, resulting in hundreds of thousands of dollars in savings.” — Joanito Iwan Tamsil, Senior IT Manager at PT Kalbe Farma, Tbk.

Chapter 3 Deploying the Citrix Access Suite 19

With a centralized management architecture, Citrix technology has also helped Kalbe Farma reduce IT support costs, requiring only nine IT professionals to support all business processes. Without Citrix solutions, Mr. Joanito estimates that the company would have needed up to 25 IT staff members to perform the same function.According to Mr. Joanito, Citrix technology has also helped Kalbe Farma accelerate application deployment across remote branches and offices. Upgrading an application across all client devices today can be centrally executed in less than 30 minutes, compared to the several months needed when IT staff had to travel across all the offices to individually administer the upgrade on each PC.

Future PlansIn 2005, Kalbe Farma will implement Citrix Password Manager to help its employees cope with the multiple passwords required to access the various applications used by the company. To improve employee productivity, Kalbe Farma is also in the process of implementing Citrix Conferencing Manager to facilitate geographically dispersed teams to work concurrently and cooperatively on the same applications and documents.

Note: Citrix Conferencing Manager now is a feature in Citrix Presentation Server.

Case Study: Florida Statewide Guardian Ad Litem OfficeIn Florida, over 48,000 abused and neglected children participate in non-criminal court cases involving custody rulings, foster care, and adoption. The Florida Guardian Ad Litem office (GAL), a state agency with approximately 500 staff operating throughout Florida, coordinates a support network of more than 4,600 volunteers to ensure that abused and neglected children have active, knowledgeable advocates in court. With an average load of 1.6 cases per volunteer and 125 cases per staff attorney, the program was hard-pressed to deliver representation in every case. To expand the reach of the program to serve all child cases, the State of Florida stepped in with funding and a formal mandate to organize the office as a state-level agency in January 2004.

Challenge: Connecting 4,670 Advocates in 54 Offices throughout the StatePrior to 2004, GAL offices operated as 21 individual entities across the state, under the jurisdiction of the 20 judicial circuits. When the agency was created, it became apparent that a common IT backbone would be needed to ensure the accurate tracking of every case and child in the system. “The executive director noticed an immediate need to put everyone on a statewide network in order to communicate as a consolidated state agency,” said Johnny C. White, CIO, Florida Statewide Guardian Ad Litem Office.


Furthermore, the IT support staff needed to roll out the required infrastructure on an extremely tight budget. “We started looking at various ways to build the network but quickly realized that just the cost of the physical connections to the 54 offices was money we couldn’t afford,” continued White. With each office on a 10 Mb dedicated line costing $675 per month, networking costs alone could top $405,000 per year.Staff resources were likewise limited, with only two full-time support staff to deploy and maintain IT for the entire organization. “Patch management for a distributed architecture would require about two hours per week per location; for 54 locations, that would mean 100 hours per week just maintaining existing systems,” noted White. “In addition, a distributed architecture would require us to have 20 full-time employees for each of the state’s 20 judicial circuits, to maintain local servers and data. That approach didn’t make sense for us; it would take key resources away from our core mandate — providing representation for children.”

Implementing a Citrix Solution for Remote Office ConnectivityTo provide case coordinators and other advocates across the state with fast and secure access to IT services, GAL turned to Citrix access infrastructure to consolidate its IT architecture. The Citrix Access Suite enables 500 authorized GAL staff to access key applications, including email and Microsoft Office, from any office or remote location throughout Florida using any device or connection. GAL also plans to roll out its mission-critical case management solution via the system in the near term. These applications are deployed centrally without compromising performance, accessibility, or security. In addition, GAL IT will provide support for wireless connections.Bayshore Technologies, Florida’s only platinum-level Citrix Solutions Advisor, worked closely with GAL to implement the Citrix solution.

From Start-up to Success in Record TimeThe new state-level agency achieved immediate success with a single, functioning IT infrastructure across the entire state within the allocated IT budget. “If every state agency worked this way, they’d have more resources to serve constituents. Using a Citrix solution to deliver secure, on-demand access to information from anywhere saves an incredible amount of time and money,” noted White.The alternative approach, a traditional design with 20 to 30 distributed servers in the statewide network, would have been too costly, resource-intensive, and time-consuming. Configuring more than 500 client devices would have required technicians to physically touch every machine, demanding hundreds of man-hours. Adding new users would have necessitated on-site visits by a technician to physically and administratively set up their PCs. These actions might require between four and five hours per client device. In contrast, setting-up new users via the Citrix solution takes only 30 minutes, a 90 percent saving of time and cost.

Chapter 3 Deploying the Citrix Access Suite 21

Helping Children in Need Through On-demand Access Beyond cost-savings, improved connectivity, and on-demand access to critical information will dramatically improve the delivery of service to children in need. For example, staff can easily transfer a case from one jurisdiction to another instantly, sometimes saving weeks of work and ensuring that the newly assigned case coordinator always has all of the information needed to represent the child. GAL will have roughly 300 people inputting data in order to generate reports to the Florida Legislature. GAL’s access infrastructure will provide a focal point for data collection.With statewide case consolidation, GAL also will maintain direct control over cases and visibility into the assigned case load, ensuring critical information is available to provide more effective advocacy.The Access Suite ensures the security of sensitive information by containing sensitive child case information within the confines of the data center. In addition, the Citrix solution dramatically simplifies user access without compromising security. Previously, users needed to maintain as many as four different logins, drawing on limited resources for common problems such as password resets. The Access Suite will reduce the number of passwords to one, eliminating a significant time and cost drain on the lean IT staff.In addition, although users will access the system through a single point of entry, the Citrix solution will enable the IT staff to efficiently maintain control over access to case information, provisioning file availability. Only users with a specific need, validated by a central authority, will be able to view case files.“Once we get the entire Access Suite up and running, we’ll be able to better administer how we publish applications and critical information to users,” concluded White. “Citrix makes the entire process faster and easier for us — it willsave us a great deal of time, money, and energy, as well as enable us to reach our goal of 100 percent representation for all abused and neglected children across the state.”

Index 23

Index

AAccess Gateway 13Access Suite 8

adaptive user access 7architectural security 8Citrix Access Gateway 6Citrix Password Manager 7Citrix Presentation Server 6common management platform 8components 6granular access control 7introduction and overview 5key features and benefits 7overview 5universal access interface 7

Access Suite guidesMetaFrame Access Suite Deployment Guide 9MetaFrame Access Suite Licensing Guide 9

accessingdocumentation 8

adaptive user access 7architectural security 8

Bbenefits

Citrix Access Suite 7

CCase Study

PT Kalbe Farma 17case study

Florida Statewide Guardian Ad Litem Office 19PT Kalbe Farma 17

Citrix Access Gateway 4.0 6Citrix Access Suite

components 11key features and benefits of 7

Citrix Access Suite Licensing Guide 9Citrix Password Manager 4.0 7Citrix Presentation Server

overview 11Citrix Presentation Server 4.0 6

common management platform 8components

Citrix Access Suite 11components of the Access Suite 6

Ddocumentation

accessing 8reviewer’s documentation 9

Ffeatures

Citrix Access Suite 7

Ggranular access control 7

MMetaFrame Access Suite Deployment Guide 9

Ooverview

Citrix Access Gateway 13Citrix Access Suite 5Citrix Password Manager 14Citrix Presentation Server 11

PPassword Manager 14

Rrapid provisioning 8

Uuniversal access interface 7